Skip to content

Add proposed ADR to use CEL in CascadingRules#3328

Merged
Weltraumschaf merged 3 commits intosecureCodeBox:mainfrom
J12934:docs/adr-cel-for-cascading-rules
Oct 22, 2025
Merged

Add proposed ADR to use CEL in CascadingRules#3328
Weltraumschaf merged 3 commits intosecureCodeBox:mainfrom
J12934:docs/adr-cel-for-cascading-rules

Conversation

@J12934
Copy link
Member

@J12934 J12934 commented Oct 14, 2025

Description

See ADR :)

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
  • Make sure that all your commits are signed-off and that you are added to the Contributors file.
  • Make sure that all CI finish successfully.
  • Optional (but appreciated): Make sure that all commits are Verified.

J12934 added 2 commits October 14, 2025 16:09
@J12934
That isn't my name 😅
40d5676 
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
@J12934
Add CEL Matcher ADR for CascadingRules
106148e 
Most of the text and structure here is generated based on the following prompt, then manually reviewed, just in case anybody wants to save time reading boilerplate :D

```prompt
Please have a look at the current syntax for CascadingRules in the following files:

documentation/docs/how-tos/scanning-networks.md
documentation/docs/api/crds/cascading-rule.md

Please write a ADR in the documentation/docs/architecture/09_architecture_decisions directory
with a sugegsted move to switch out the custom `matches` object syntax of the CascadingRule with the Common Expression Language (CEL).

The goal here would be make the CascadingRules more dynamic by allowing a wide range of expressions without us having to model the matcher syntax for everything ourself.

describe the pros and cons of that approach try to follow the structure of existing ADRs in this repo
```

Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
@J12934 J12934 self-assigned this Oct 14, 2025
@J12934 J12934 added the architecture Architecture changes label Oct 14, 2025
@netlify
Copy link

netlify bot commented Oct 14, 2025
edited
Loading

Deploy Preview for docs-securecodebox ready!

Name Link
🔨 Latest commit d6e1aac
🔍 Latest deploy log https://app.netlify.com/projects/docs-securecodebox/deploys/68f0bacf7178d1000862b6b6
😎 Deploy Preview https://deploy-preview-3328--docs-securecodebox.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@J12934 J12934 moved this from Triage to To Review in secureCodeBox Oct 14, 2025
Weltraumschaf
Weltraumschaf reviewed Oct 14, 2025
View reviewed changes
documentation/docs/architecture/09_architecture_decisions/adr_0020.md

To ensure backward compatibility and smooth migration:

1. **Dual Support Period**: Support both the legacy `matches.anyOf` syntax and the new `matches.expression` syntax simultaneously for at least two major versions.
Copy link
Member

@Weltraumschaf Weltraumschaf Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens if accidentally both is configured? Precedence of CEL + warning?

@J12934
Clarify dual support period and automatic translation possibilities
d6e1aac 
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 16, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@J12934 J12934 requested a review from Weltraumschaf October 16, 2025 11:21
@github-project-automation github-project-automation bot moved this from To Review to Reviewer Approved in secureCodeBox Oct 22, 2025
@Weltraumschaf Weltraumschaf merged commit 2146866 into secureCodeBox:main Oct 22, 2025
48 checks passed
@github-project-automation github-project-automation bot moved this from Reviewer Approved to Done in secureCodeBox Oct 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Weltraumschaf Weltraumschaf Weltraumschaf approved these changes

Assignees

@J12934 J12934

Labels

architecture Architecture changes

Projects

secureCodeBox
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@J12934 @Weltraumschaf